Vlan support

TochToch Member, Beta Tester Posts: 4
First Comment First Anniversary Photogenic
Hi, I believe that one of the functions that fing should implement is the control of the VLANs present in the network to which it is connected. This feature is more and more used by savvy users/nerds like me and Fing could be a great help!
Tagged:
Lee_BoDragonVioletChepilbenhelpsAldereteFingUserBelgarathMike_WatsondstrohlJonMartinCH4DGraemeWJakeDmozarella036444744808
12
12 votes

Active · Last Updated

Comments

  • Lee_BoLee_Bo Member Posts: 273
    100 Comments 100 Likes 5 Answers 25 Agrees
    ✭✭✭
    Toch said:
    Hi, I believe that one of the functions that fing should implement is the control of the VLANs present in the network to which it is connected. This feature is more and more used by savvy users/nerds like me and Fing could be a great help!
    Yes, this would be extremely helpful.  It seems Fing will only show devices from the IP range it's connected to.
    VioletChepilAxelFRichCreedy036444744808
  • RichCreedyRichCreedy Member, Beta Tester Posts: 38
    25 Likes 10 Comments First Anniversary Name Dropper
    ✭✭✭
    I think one of my questions was does fing support vlans, also does it support or could it support dual broadband

    VioletChepil036444744808
  • VioletChepilVioletChepil London, UKMember Posts: 2,471
    100 Answers 500 Likes 1000 Comments 100 Agrees
    ✭✭✭✭✭✭
    Moving this over to the new feature requests sub-category here: https://community.fing.com/categories/fingbox-feature-requests

    Community Manager at Fing

    036444744808
  • PoohPooh Member, Beta Tester Posts: 674
    500 Likes 500 Comments 25 Answers 100 Agrees
    ✭✭✭✭✭
    People say nothing is impossible, but I do nothing every day.
    036444744808
  • VioletChepilVioletChepil London, UKMember Posts: 2,471
    100 Answers 500 Likes 1000 Comments 100 Agrees
    ✭✭✭✭✭✭
    We don't have plans for multi-VLAN support. This is because as a majority most home networks don't have I would guess. @Domotz, our sister company (sharing similar investors) is supporting multi-VLANs. This is geared towards professionals delivering service to others, but also some Prosumers are using. You could activate that on your Fingbox if you like. @Domotz

    Community Manager at Fing

    036444744808
  • VioletChepilVioletChepil London, UKMember Posts: 2,471
    100 Answers 500 Likes 1000 Comments 100 Agrees
    ✭✭✭✭✭✭
    Just turning this one into an ideas thread so others can vote. Cast your vote if you'd like to see implemented too.

    Community Manager at Fing

    036444744808
  • AldereteAlderete Member, Beta Tester Posts: 15
    10 Comments Name Dropper First Answer 5 Likes
    ✭✭
    Just adding my +1 to enabling Fingbox to scan multiple VLANs.

    You're probably going to have to add _something_ like this to Fing/Fingbox in the future, as Apple HomeKit-enabled routers, Eero Secure, and other "consumer-friendly" network equipment providers start offering various "automatic VLAN" solutions to isolate low security devices, like IoT devices, in normal homes. 
    036444744808
  • VioletChepilVioletChepil London, UKMember Posts: 2,471
    100 Answers 500 Likes 1000 Comments 100 Agrees
    ✭✭✭✭✭✭
    Thanks @Alderete for your upvote and feedback. 

    Community Manager at Fing

    036444744808
  • uk_newtuk_newt Member Posts: 2
    Name Dropper First Comment
    I have a home network with multiple vlans for separation of normal user access for laptops, phones, tablets and PC's.
    I have different vlans for IP cameras, Storage / NAS, Development & Test Lab.
    Each vlan has it's own default gateway, which is a logical IP address on the layer 3 managed switch.
    e.g., I have vlans:
    101 - 192.168.1.0/24 - GW = 192.168.1.1
    102 - 192.168.2.0/24 - GW = 192.168.2.1
    103 - 192.168.3.0/24 - GW = 192.168.3.1
    etc...
    I.e. the layer three switch has logical IP addresses (.1) on each vlan so it can perform IP routing between the vlans.
    The internet router is NOT the default gateway on each vlan.
    As such, FING incorrectly detects my router and is therefore unable to carry out security scans.
    The layer 3 switch has it's default gateway configured as 192.168.1.254.
    This is the Internet router address.
    Is there a way to manually specify the internet router?

    Thanks


    AxelF036444744808
  • mozarellamozarella Member, Beta Tester Posts: 111
    25 Likes 10 Comments First Anniversary 5 Awesomes
    ✭✭✭
    @uk_newt actually the fingbox will get the ip-data (also router's ip) via DHCP. Is there a network between your vlan's and the router? I mean a router's-network which is called DMZ sometimes? Then you could place fingbox there.

    @all indeed VLAN is more common in home-networking as people think. The german's firm AVM is producing the Fritz!Box which is a internet-router. This home-router could generate normal LAN but also guest-LAN and guest-Wifi. When using AVM's repeater and built up a mesh-netzwork, there is VLAN used to split the network into two VLAN. Actually it's not possible to manage this VLANs because it's hidden in the management.
    I'm using unifi network and so i built up my own guest-VLAN and use two cables between the main-switch and Fritz!Box. One cable is connected to LAN1 (LAN) and 2nd cable is connected to LAN4 (guest) at Fritz!Box. the switch-ports are configured as untagged but with different VLAN-IDs.
    So i'm connecting a home-router with guest-possibility (and phone-system, wifi, mesh, nas-support, fax-support...) and easy management to a prosumer network (unifi).
    But it doesn't matter if i create the VLAN over unifi by hand or i'm using AVM's products to built up a "hidden" VLAN.

    I'm sure, other products which could be configured as two networks, one for private usage and one for guests / IoT, will also use (more or less hidden) VLAN.
    So it would be great to have an eye at this topic. Not just think home users don't use VLAN.
    By the way, @uk_newt is using VLAN to provide security. Security is a topic which should be in everybodies mind. So fingbox is providing a way of security to monitor the network. fingbox is just a tool of thousands, also like the possibility to use VLAN, VPN, Proxy-servers (proxy-servers to build a gap between internet and network).
    Because of fingbox is seen as security-tool (to show activities within the LAN and monitor it), sometimes it's difficult to see some security-holes because it's not shown by fingbox. E. g. when i connect to my home-network over VPN, i'm getting IP-address from local subnet. I can ping devices inside my home-network and devices form my home-network can ping the computer "outside" just ping the local ip. But fingbox didn't generate alert because the device is just sown with IP not with MAC because of non physical presence.
    036444744808
  • uk_newtuk_newt Member Posts: 2
    Name Dropper First Comment
    @mozarella In my network, there is a managed Cisco layer 3 switch that has the vlans configured. That switch reserves the first IP address in each vlan for itself.  This allows traffic routing (layer 3) to occur between all vlans.
    Without this, PC's could only talk on their own respective vlan, and would be totally isolated (layer 2) comms only.
    In other words, the multiple ".1" gateway addresses configured on the Cisco switch just allows inter-vlan routing.
    The default gateways are configured as follows:
    vlan "101" is 192.168.1.1
    vlan "102" is 192.168.2.1
    vlan "103" is 192.168.3.1, etc..
    Each vlan can therefore communicate with each other.
    The layer 3 switch has a default gateway of 192.168.1.254.
    This gateway is the actual internet router.
    The Cisco switch just routes all "other" non-local traffic to the internet router.
    The Fing box is on vlan 101, as are most devices.
    The internet router is on vlan 101 (.254) and the Cisco switch is also on vlan 101 (.1)
    The DHCP configured default gateway is therefore NOT the internet router, rather it is just the internal switch that hosts the vlans.
    I actually need a manual method of providing the correct INTERNET router, as DHCP value will always be wrong.

    036444744808
  • RichCreedyRichCreedy Member, Beta Tester Posts: 38
    25 Likes 10 Comments First Anniversary Name Dropper
    ✭✭✭
    i have a udm-pro setup with vlans also, 1 for iot 1 for guest whether wifi or lan, and obviously the management.

    036444744808
  • mozarellamozarella Member, Beta Tester Posts: 111
    25 Likes 10 Comments First Anniversary 5 Awesomes
    ✭✭✭
    @uk_newt I see. What will happen, when u set default gateway in vlan 101 to .254?
    Actually i don't understand why the internet-router is inside the vlan 101 and the default-gateway is .1 too. Routing like i learned should be that there's another subnet (maybe 104) which has the internet-gateway. Then each vlan will rout over .1 addresses to .4.254 then.
    It seems that you need to set static ip configuration to fingbox, to tell that .254 is default gateway, but i think it's not possible.
    Another idea. If you set .1.254 as default gateway over dhcp, then your cisco switch doesn't need to rout the traffic between .1 and .254 in this case. But you need to set up static routing for all devices in vlan 101 to reach other vlans. static routing means "rout add xxx" in commandline.
    036444744808
  • TochToch Member, Beta Tester Posts: 4
    First Comment First Anniversary Photogenic

    Up for the Vlan!

  • TochToch Member, Beta Tester Posts: 4
    First Comment First Anniversary Photogenic

    Up for the Vlan support!

  • TochToch Member, Beta Tester Posts: 4
    First Comment First Anniversary Photogenic


Sign In or Register to comment.